On 08/08/2014 06:36 AM, Gordan Bobic wrote:
On 2014-08-08 11:17, Robert Moskowitz wrote:
On 08/08/2014 02:31 AM, Gordan Bobic wrote:
On 08/08/2014 02:26 AM, Robert Moskowitz wrote:
Where is iptables? No /etc/sysconfig/iptables (or ip6tables).
iptables is running.
yum install iptables?
Yeah, I guessed that after I vented.
But not having sshd in minimal? Strange, but then if I am mismatched
on armv then that might explain it.
The idea of the rootfs is that it is _really minimal_, and you yum
install whatever else you need after you get it up and running.
I am beginning to see how minimal it is!
It is deliberately so. The rootfs download is big as it is.
Minimal is one thing. Safe is another. I can understand ssh not
there, kind of. But not iptables.
Minimal takes precedence in this case.
iptables won't make any difference on a minimal image that hasn't
got any remotely accessible services listening.
Except to get additional software, and to apply updates, you TEND to
need network access and the scanners are out there. Just my natural
paranoia.
I guess because security is my line of work. Granted I design secure
communications and identity technology (I co-chaired IPsec, and am the
author of HIP), but I do think more broadly of security.
And then I had a thought and no /etc/sysconfig/selinux, meaning no
selinux.
Vast majority of ARM machines ship with kernels that don't
have SELinux built in.
I will have to look into the SunXi kernel that I am using. And see what
the F21 has.
yum install selinux-policy
Additionally, on underpowered hardware like most ARMs are, the
performance hit of SELinux is very non-negligible.
It is one thing to have the root password root at install. It is
another thing not to have the security software in place. At least
say that http://wiki.redsleeve.org/index.php/RootFS
Fair enough, I'll look into adding that bit of info tonight.